CVE-2025-13610 is a stored cross-site scripting vulnerability identified in the WordPress plugin RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login, developed by metagauss. The vulnerability exists due to improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of the 'theme' attribute within the plugin's 'RM_Forms' shortcode. This flaw allows authenticated attackers with contributor-level privileges or higher to inject arbitrary JavaScript code into pages generated by the plugin. When other users access these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or data theft. The vulnerability affects all versions up to and including 6.0.6.7. The CVSS 3.1 score of 6.4 reflects a medium severity, with an attack vector over the network, low complexity, and no user interaction required, but requiring some level of authentication (contributor or above). The scope is changed, indicating that the vulnerability can affect resources beyond the initially compromised component. No public exploits or patches are currently available, increasing the urgency for organizations to implement mitigations. The vulnerability is categorized under CWE-79, a common and well-understood class of web application security issues. Given the widespread use of WordPress and the popularity of this plugin for managing user registrations and payments, this vulnerability could be leveraged to compromise websites, steal sensitive user data, or conduct further attacks within the affected environment.

For European organizations, the impact of CVE-2025-13610 can be significant, especially for those relying on WordPress sites with the RegistrationMagic plugin for user registration, payment processing, or login functionalities. Successful exploitation can lead to unauthorized script execution in users' browsers, enabling session hijacking, credential theft, or redirection to malicious sites. This compromises confidentiality and integrity of user data and may damage organizational reputation. Financial services, e-commerce platforms, and membership-based sites are particularly at risk due to the sensitive nature of the data handled. Additionally, the vulnerability could be used as a foothold for further attacks within the network, potentially leading to lateral movement or data exfiltration. Given the medium severity and the requirement for contributor-level access, insider threats or compromised accounts pose a notable risk. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits rapidly once the vulnerability is public. European organizations must consider regulatory implications under GDPR if personal data is compromised due to exploitation.

To mitigate CVE-2025-13610, European organizations should first verify if their WordPress installations use the RegistrationMagic plugin and identify the version in use. Immediate mitigation steps include: 1) Restrict contributor-level and higher permissions strictly to trusted users to reduce the risk of malicious input injection. 2) Implement web application firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting the 'theme' attribute in the 'RM_Forms' shortcode. 3) Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in browsers. 4) Monitor logs for unusual activity or attempts to inject scripts via the plugin interfaces. 5) Regularly audit user accounts and remove or downgrade unnecessary contributor or higher privileges. 6) Since no patches are currently available, consider temporarily disabling the plugin or replacing it with alternative solutions until a secure update is released. 7) Educate site administrators and users about the risks of XSS and safe content management practices. 8) Prepare incident response plans to quickly address potential exploitation. These steps go beyond generic advice by focusing on access control, detection, and containment specific to this vulnerability's characteristics.